I am posting more questions that I have faced during my course. Please discuss the same. The next question is:

What TCP/IP Vulnerability does the SYN Flooding DOS Attack exploit?

1. There is no limit to the number of connections possible on a host. 2. Connection Establishment is a very cumbersome process. 3. There are an unlimited number of IP addresses possible. 4. The target computer has limited bandwidth. 5. TCP/IP cannot handle SYN data packets.

Regards,

The Morpheus

Last edited by morpheus063 on Mon Sep 25, 2006 10:11 pm, edited 1 time in total.

Dengar is right. We aren't here to do your homework for you. If you're going to post questions you may at the very least post which answer you think is corect and why. I'm sure that the members here will be more than obliging in correcting you if you make a mistake.

BTW, I'd go for answer no. 2. This question is very easy and deals with basic understanding of TCP/IP. If you don't feel comfortable with the study material perhaps you should defer your exam until you've done some revision.

CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003

There are 10 kinds of people, those that understand binary, and those that don't.

The only answer which would make at least a bit sense is 4. - DOS attacks always deals with limited resources but SynFlooding is not really using bandwith but the limited capability of a host to handle connections.

either 2 or 4, i would probably choose 2 since a SYN Flood has nothing to do with a host's bandwidth per say but is an attack on the OS to keep up with the SYN requests and the ACK's back. but i could see 4 being an option that could be considered correct depending on how you look at it.

It is poorly written but that's common to a lot of testing questions. CISSP comes to mind. =)

Are they saying it's a vulnerability in the TCP/IP standard or how different OSes implement it in their stacks? An arguement could be made that the answer is 1. Being the standard doesn't limit the number of connections that can be attempted to a host, this allows for SYN packets to overload the stack.

The TCP connection process isn't cumbersome SYN/SYNACK/ACK, thats it. Yeah its not a simple as UDP, but really its not "cumbersome" for an enduser in anyway.

Question 4 states bandwidth, however doesn't specifically say network bandwidth. While not completely generic you could interpret that in several ways. In the broadest sense, a given computer only has enough bandwidth to support so many half open connections before it can't take anymore. I would also tend to believe that network bandwidth is directly relevant, as an attacking computer with huge pipe, will overwhelm a target machine with smaller pipe very easily, even though it doesn't take that many packets to create a SYN flood condition.